Colleagues,
I've made a couple of changes as requested, assuming this is ok I'll
pass it back to the NCC.
Brian.
**********************************
Draft Anti-Abuse WG Minutes – RIPE 61
Thursday, 18 November 2010, 14:00 – Westin Excelsior Hotel, Rome, Italy
Co-Chairs: Brian Nisbet, Richard Cox
Scribe: Fergal Cunningham
Chat: Laura Cobley
A. Administrative Matters
A1. Welcome
Working Group Co-Chair Brian Nisbet welcomed attendees and explained
that co-chair Richard Cox regrettably was unable to attend today’s session.
James Blessing, concerned Internet citizen, said that although it was
good to have an active co-chair, the reputation of the Anti-Abuse
Working Group was being impacted upon by the other co-chair, and he said
he would like to see this addressed.
Brian said this was a matter for the AOB section of the agenda.
Brian thanked the RIPE NCC scribe and Chat monitor, and the
stenographers. He asked that anyone who had a question on Chat give
their full name and affiliations.
Brian asked if there were any objections to the minutes from RIPE 60
being approved. There were none, so he said the minutes were approved.
Action on RIPE NCC: Remove “Draft” status from RIPE 60 Anti-Abuse
Working Group Minutes.
Brian noted that the agenda was slightly changed from the agenda posted
on the mailing list because Richard was unable to attend and there were
some late requests for presentations from RIPE NCC staff. The updated
agenda is available at:
http://ripe61.ripe.net/presentations/343-AA-WG_RIPE61_Agenda.pdf
B. Updates
B1. Recent List Discussion - Reporting Fraud, Database Issues, Time
Stamps (-B)
Working Group Co-Chair Brian Nisbet noted that there was a lot of
discussion on the mailing lists recently, and most of this was related
to items that would be dealt with further down the agenda.
He noted that the Anti-Abuse Working Group mailing list was not the
place to report network abuse. He did remind attendees that the whois -B
lookup gives the date of the last update to an object.
B2. Registrar Issues - Michele Neylon, Blacknight
Michele Neylon from Blacknight gave a presentation entitled “Abuse –
Registrar Perspective”. At the beginning of the presentation, Michele
asked for a show of hands on attendees who had had their credit card
skimmed or Paypal account attacked, and there was quite a large number
of hands.
The presentation is available at:
http://ripe61.ripe.net/presentations/244-blacknight-ripe-rome-2010.pdf
Tobias Knecht, Abusix, asked how all these things should be reported in
a machine-readable and a human-readable format. He also suggested using xarf.org.
Michele said they get manual reports and, if the reports are to be
automated, there is no reason they can’t be provided in a particular
order. He said everything has to be read and investigated anyway.
Konstantin Bekreyev, DARS Telecom, asked, considering the recent
increase in botnets, when spam is sent through the port tcp/80 via email
systems such as Hotmail, what can he do. He is unable to close port 80
to these sites.
Michele said he did not know and suggested reporting it to Hotmail.
Brian said the big email companies have gotten better with spam and
dealing with it. If abuse comes from a website then it should be
reported to the original IP.
Gilles Massen, Restena Foundation, asked, since abusers are moving
quickly, how would Michele react to them efficiently while protecting
the innocent.
Michele said you have to carefully evaluate each report you receive and
you need to have a measured response.
David Freedman, Claranet, asked what kind of proactive work the
registrars do.
Michele said there were a lot of registrars and their methods varied. He
said often the registrars and hosting operators did not have full
control of the network. He said he would like to see some best practices
coming out of the Anti-Abuse Working Group.
Brian said producing best practice documents is an action item for this
working group, and although this was not on the agenda for the current
meeting, he hoped to be able to come back to the mailing list with
something soon.
An attendee asked about the Google tool that was presented earlier by
Michele. He said that an ISP would need to have specific examples of
abuse before it would take action on a customer. He asked if the
registrar would contact the customer based on a Google report alone.
Brian explained that the Google safe browsing alerts tool lets Google
notify you if a site you are hosting has malware.
Michele said this used to be the case with registrars but now they have
to take a more proactive approach because of the number of reports they
receive each day. He said he would not contact anyone based on the alert
alone, but the alert would give you an indication of where abuse was
taking place and you can go there and see what is happening.
Andy Davidson, Netsumo, in response to the question from Konstantin,
recommended a tool from Loughborough University that looks in outbound
mail for evidence that someone has been phished. He added that it locks
the accounts of people who have been phished. Andy said he would send
details to the mailing list.
James Blessing, Limelight Networks, asked that the time stamp and
correct time zone be noted in all reports.
B3. RIPE NCC Draft Closure Agreement/Service Abuse
Athina Fragkouli, RIPE NCC, gave a presentation on the new RIPE NCC
document, Closure of an LIR and Deregistration of Resources. The
presentation is available at:
http://ripe61.ripe.net/presentations/281-Closure_of_LIRs_and_deregistration_of_resources_anti_abuse_aspects.pdf
Athina asked that attendees read the document and give feedback.
James Blessing, Limelight Networks, asked if the only thing that could
be effected under law was full termination of the service agreement.
Athina said this was the case but if the RIPE NCC received a Dutch court
order it could deregister resources. She confirmed that the RIPE NCC
would comply with a Dutch court order no matter what it contained.
David Freedman, Claranet, asked if there would be a way to let people
know that resources were in the process of being deregistered.
Athina said a tag would be added to such resources in the RIPE Database.
Brian noted that there was a bigger version of Athina’s presentation
available from the NCC Services Working Group and that it would be made
available in that working group’s archive.
Volodymyr Yakovenko, Google, asked if there was an example of a Dutch
court order available and the conditions for such a court order.
Athina said the RIPE NCC hadn’t received one yet but was working with
Dutch national authorities on what should be contained in such an order.
Brian asked that the RIPE NCC make known to the community the outcome of
the RIPE NCC’s discussion with the Dutch legal authorities.
Wilfried Woeber, Database Working Group Co-Chair, said it was important
to get the provisions of the document correct as soon as possible, and
he also advised against overreacting to a court order in terms of
deregistration.
Athina said termination of the service contract between the RIPE NCC and
an LIR resulted in a loss of service, and that included registration of
resources.
Rob Blokzijl, RIPE Chair, said the RIPE NCC has been in contact with
legal enforcement agencies (LEAs) for a number of years, and the police
are doubtful that they will see a need to bring a court order or
deregister resources. He said LEAs are interested in stopping criminals
and removing information is not something they would see as helping this
goal.
Brian said further discussion of the document should take place on the
RIPE NCC Services Working Group mailing list.
B4. RIPE NCC Survey on Improving RIPE Database Quality
Ferenc Csorba from the RIPE NCC gave a presentation on a survey aimed at
improving RIPE Database quality. The presentation is available at:
http://ripe61.ripe.net/presentations/279-RIPE_DB_Quality_Survey.key
There were no questions and Brian said feedback on the survey should be
directed to the Database Working Group mailing list.
C. Policies
C1. 2010-08 Abuse Contact Information
Working Group Co-Chair Brian Nisbet called Tobias Knecht, Abusix, the
proposer of 2010-08, on Skype.
Brian noted that he had discussed the proposal with Tobias and they had
talked to the Database Working Group and RIPE NCC staff. He said some
changes had been recommended.
Brian explained that the proposal was to “add a mandatory reference to
IRT objects in the INETNUM, INET6NUM and AUT-NUM objects in the RIPE
Database”. He added that potential changes to the proposal include
removal of implementation details. He said there would be a redraft of
the proposal and asked for any comments on having the mandatory
reference to abuse contacts in IRT objects.
Michele Neylon, Blacknight, said there might be some confusion because
some people seemed to be confusing introduction of a mandatory abuse
contact with solving all problems. He said he foresaw problems with
people expecting the proposal to have a broader impact than was
originally intended.
Tobias said the main point of the proposal was the mandatory nature of
having the reference, but this was something people might have to decide
for themselves and he was open to hearing comments on this.
James Blessing, Limelight, said the proposal was a nice idea but there
would have to be a lot of objects referenced. He recalled that there was
a proposal to deregister objects that didn’t have accurate details. He
foresaw a situation in three months where people who did not hear about
this policy would have objects deregistered.
Brian said the deregistration policy was not something that would happen
overnight. He said there would have to be a proper process of
negotiation with the LIR before anything would happen.
Peter Koch, DENIC, said he failed to see a clear problem statement for
this proposal. He said if people are not getting a response from abuse
contacts, then making it mandatory would not change anything. He said if
people are sending abuse reports and it’s not going to the correct
address, then he would like to see evidence of this.
Tobias said the problem was that there were too many places where people
could add abuse contact details and people are confused. He said the
main intention is to have one place where people know they have to put
contact information and where other people will know they can find
contact information.
Peter said he disagreed that there were too many places to put contact information
already and he said it seemed to be more of an education problem rather
than anything else.
Tobias said if you are going to educate people on where to find
information, it is easier to do if you know the information is in one
place rather than in one or more of 15 locations.
Shane Kerr, Internet Systems Consortium, said there were already
references to IRT objects in INETNUM and INET6NUM objects, and he asked
if it was not to be mandatory then what was the point of having the
proposal.
Brian agreed that this was the crux of the issue.
Tobias said there might be a better way to do things, but it is
important that everyone knows how to do it.
Sascha Eilms, ECO/CSA, said he wanted to support the proposal because it
showed willingness from the industry to self-regulate and tackle the
problem of abuse.
Wilfried Woeber, Database Working Group Co-Chair, said he was a
co-architect of the IRT object and had sympathy with the idea that there
were too many choices on where to place contact information at the
moment. He said that coming up with ways to simplify things does have merit.
Brian asked Tobias if, based on the comments, they could sit down and
redraft the policy to be resubmitted, and Tobias agreed to this.
Shane said there was the issue of simplification that most people would
agree with, but there was also the issue of making it mandatory. He
suggested this should be discussed in the Address Policy Working Group
because if the proposal to make this mandatory was accepted this would
be a big issue for LIRs.
Peter Koch said making such an attribute mandatory would have major
operational implications for the RIPE Database and said the matter of
how to apply the technology was also an important issue.
Brian said they would take the comments on board when redrafting and the
conversation could continue on the mailing list.
C2. 2010-09 – “Frequent Update Request” and 2010-10 “Change to RIPE 452”
Brian explained that 2010-09 was a proposal to have the RIPE NCC
regularly contact all current RIPE Database object holders with
resources in the RIPE Database to ask them to actively check that all
their details are up-to-date.
He explained that 2010-10 proposed to add a reference to the sponsoring
LIR in INETNUM, INET6NUM and AUT-NUM objects to increase the possibility
of abuse tracking and handling.
Brian said that these were two huge proposals with major implications.
He said he agreed with the proposers to withdraw these proposals, at
least temporarily, and set up a RIPE Task Force featuring people from
the RIPE Database Working Group and the Anti-Abuse Working Group among
others to look at improving the registry and the RIPE Database. He said
they wanted to consult the RIPE NCC and other parties to see what was
the best way to deal with the issues rather than bringing a number of
proposals.
Brian said the two proposals would be withdrawn with the knowledge that
the proposers resubmit them if the task force did not make sufficient
progress.
D. Interactions
D1. Working Groups
Working Group Co-Chair Brian Nisbet noted that there has been a lot of
interaction with the RIPE Database Working Group and the RIPE NCC
Services Working Group. He said the RIPE Task Force to address issues
with the RIPE Database arose from communication with the RIPE NCC
Services Working Group, and this task force would feed back to both those
working groups as well as the Anti-Abuse Working Group.
D2. CCWP
Brian explained that Wout de Natris chaired the Cybercrime Working Party
(CCWP). He said there was a meeting today that saw a number of
inputs/outputs from this group. He said the main thing to come out of
the meeting was the need for cross training of the groups – technical
and policy training for legal enforcement agencies, and information on
how to detect dubious registrations for the RIPE NCC and RIPE community.
Brian said the CCWP met approximately four times a year and it has
proved to be very useful so far. He said if anyone had any input to
bring to the CCWP they should talk to either Brian himself or Jochem de
Ruig from the RIPE NCC.
D3. RIPE NCC Gov/LEA Interactions Update
Brian said Paul Rendek from the RIPE NCC covered this area extensively
in the RIPE NCC Services Working Group and he did not want to revisit it
here.
X. A.O.B.
James Blessing, concerned Internet citizen, said he noticed that
Co-Chair Richard Cox tends often not to be present at RIPE Meetings or
not involved, unless it is to be hostile towards RIPE itself. He asked
if Richard was the correct person to be working group co-chair.
Working Group Co-Chair Brian Nisbet said he contacted Richard and asked
him to respond to comments that had been made, but Brian had not heard
back from Richard in relation to this.
Jim Reid, Internet citizen, said this was a delicate issue, and even if
the co-chair of a working group was critical of RIPE, that is not
necessarily a bad thing. He said, however, that his opinion was that
Richard crossed a line insofar as his comments were unfair and
unjustified, and he confused RIPE with the RIPE NCC in his comments,
which is not helpful. He said Richard’s comments unfairly damaged the
reputation of RIPE, the RIPE NCC and the Anti-Abuse Working Group.
Rob Blokzijl, RIPE Chair, noted that this is the first time there has
been a situation like this in the history of RIPE. Rob noted that the
RIPE Chair, the Chairman of the RIPE NCC Executive Board and the RIPE
NCC Managing Director met with Richard where they tried to clear up some
misunderstandings. He said all three who met with Richard are
disappointed that the outcome of this meeting, where they thought issues
had been cleared up, was not reflected in subsequent posts from Richard
that were published on websites. He said he felt that if you were
elected to chair a working group by the RIPE community then you had a
responsibility to that community and to its secretariat, the RIPE NCC.
He concluded that it would be better for the community if Richard would
step down so it would be clear that when he spoke he was speaking for
himself and not the RIPE community.
David Freedman, Claranet, read verbatim a public post from Richard to
give context to the discussion.
(http://www.spamhaus.org/news.lasso?article=663)
Brian said there was no written procedure for the current situation.
Rob said that if you accept that it is up to the RIPE community to
appoint working group chairs, then it is implicit that the community has
the same responsibility to remove a chair when necessary.
Brian said he did not want to see a protracted discussion about this on
the mailing list. He added that he spoke to Richard and asked him to
consider his position but there has been no response. He asked if anyone
felt the Anti-Abuse Working Group should deal with the situation or if
there was any particular way that this situation should be approached.
Michele Neylon, Blacknight, said it was unfortunate there was no written
procedure for this situation. He said one individual can cause major
problems for a working group, whether they are a co-chair or not, and in
such a situation it might be best for that person to move on. He said he
respected Richard and the work he does but in this situation some
decisive action was needed.
Rob said a possible solution would be for both co-chairs to step down, new
chairs to be elected at the next RIPE Meeting and for Brian to act as
interim chair of the working group until then. He said the simplest
solution would be for this working group to decide Richard Cox was no
longer a co-chair of the working group and to elect a new co-chair at
the next RIPE Meeting.
Peter Koch said the session was already overrun by 15 minutes and that
such a delicate issue should not be handled in AOB and overtime for the
Working Group.
Jim Reid said that changes of co-chair happen for various reasons and
it’s a natural process. He said it seemed as though Richard’s time as
co-chair might be over but he would be free to be involved with the
working group as any other individual is welcome to be.
Rob said that if nothing were done at this session, there would be
potentially six months of damage to the RIPE NCC and six months of
damage to the RIPE community. He urged the community to take action at
this session.
Sander Steffann, Address Policy Working Group Co-Chair, said if there
was a lack of support for a working group chair then that chair should
step down.
Shane Kerr, ISC, said he thought this situation might be a reflection of
a larger disconnect between people working in Anti-Abuse and the ISPs.
He said the Anti-Abuse community often had goals that were very
disconnected from the Internet community at large. He said such people
could use this as another example of people in the Internet community
not listening to their wishes.
Nick Hilliard, INEX, asked what were the contingency plans if Richard
refused to step down as co-chair. He said he wasn’t sure it was typical
in RIPE for someone to be forced to step down as a working group chair
because that working group has lost faith in that chair. He said the
RIPE community should address the lack of a formal procedure as a matter
of urgency.
James Blessing suggested it might be possible to suspend his
chairmanship but it must be made clear that the working group did not
support him 100% as co-chair.
Rob said it was not for Richard to decide that he represented the
community; rather it was for the community to decide this. He asked the
working group to make a decision or else expect to have a difficult six
months ahead. He said he did not care what Richard published as long as
it was disconnected from the RIPE community.
Remco van Mook, Equinix, said if this working group could not make a
decision then it could be disbanded and reformed at the RIPE Plenary
with new co-chairs.
Rob said he was happy to support Remco’s proposal. He said the
Anti-Abuse Working Group had until the Closing Plenary session to
resolve this matter. He added that it would be good for the whole RIPE
community to be aware of its responsibilities in matters such as this one.
Brian said that he was not in favour of this option. He noted that no
one had stood up to support Richard’s position as co-chair.
Jim Reid said someone should post a motion of no confidence in Richard
to the mailing list.
Brian said the chairs were always elected at RIPE Meetings and there was
no requirement to go to the mailing list with this.
Rob said he felt that matters were clear but that no one was willing to
say anything formally.
James Blessing said he would be willing to do what was required if he
could be told exactly what that was. He asked for audible consensus from
the room. The reaction was judged to be consensus.
Brian said he had discussed the matter with Rob prior to the working
group session and they agreed that the working group had the authority
to appoint its co-chairs and, therefore, to remove them. Brian asked if
anyone was willing to stand up and object to Richard Cox being removed
as Co-Chair of the Anti-Abuse Working Group. As nobody took this action,
Brian declared that consensus had been reached. He said that he would
require a new co-chair and he expressed his wishes that one could be in
place by the RIPE 62 Meeting.
Z. Close
Brian thanked everyone for attending and for their patience and said he
hoped to see everyone at RIPE 62.
The Agenda and all presentations are available at:
http://ripe61.ripe.net/programme/meeting-plan/anti-abuse-agenda/
The stenography transcript of this session is available at:
http://ripe61.ripe.net/archives/steno/4